update: bug fixes

Author: chr33s

app/entry.server.tsx

@@ -40,13 +40,14 @@ export default async function handleRequest(
 		</I18nextProvider>,
 		{
 			signal: request.signal,
-			onError(error: unknown) {
+			onError(
+				error: any /* eslint-disable-line @typescript-eslint/no-explicit-any */,
+			) {
 				if (!request.signal.aborted) {
 					// Log streaming rendering errors from inside the shell
-					console.error(error);
+					console.error("entry.server.onError", error);
 				}
-				// biome-ignore lint/style/noParameterAssign: It's ok
-				status = 500;
+				status = Number.isNaN(error.error?.status) ? 500 : error.error.status;
 			},
 		},
 	);

app/routes/app.index.tsx

@@ -1,7 +1,7 @@
 import { Page, Text } from "@shopify/polaris";
 import { useEffect } from "react";
 import { useTranslation } from "react-i18next";
-import { data, useActionData, useLoaderData } from "react-router";
+import { data } from "react-router";
 
 import type { Route } from "./+types/app.index";
 import i18n from "~/i18n.server";
@@ -12,7 +12,7 @@ export async function loader({ context, request }: Route.LoaderArgs) {
 	const shopify = createShopify(context);
 	shopify.utils.log.debug("app.index.loader");
 
-	const client = await shopify.authorize(request);
+	const client = await shopify.admin(request);
 
 	try {
 		const { data, errors } = await client.request(/* GraphQL */ `
@@ -30,8 +30,16 @@ export async function loader({ context, request }: Route.LoaderArgs) {
 	} catch (error) {
 		shopify.utils.log.error("app.index.loader.error", error);
 
-		if (error instanceof ShopifyException && error?.type === "GRAPHQL") {
-			return { errors: error.errors };
+		if (error instanceof ShopifyException) {
+			switch (error.type) {
+				case "GRAPHQL":
+					return { errors: error.errors };
+
+				default:
+					return new Response(error.message, {
+						status: error.status,
+					});
+			}
 		}
 
 		const t = await i18n.getFixedT(request);
@@ -45,9 +53,10 @@ export async function loader({ context, request }: Route.LoaderArgs) {
 	}
 }
 
-export default function AppIndex() {
-	const loaderData = useLoaderData<typeof loader>();
-	const actionData = useActionData<typeof action>();
+export default function AppIndex({
+	actionData,
+	loaderData,
+}: Route.ComponentProps) {
 	const { data, errors } = loaderData ?? actionData ?? {};
 	console.log("app.index", data);
 

app/routes/app.tsx

@@ -13,17 +13,25 @@ import { APP_BRIDGE_URL } from "~/const";
 import { createShopify } from "~/shopify.server";
 
 export async function loader({ context, request }: Route.LoaderArgs) {
-	const shopify = createShopify(context);
-	shopify.utils.log.debug("app");
+	try {
+		const shopify = createShopify(context);
+		shopify.utils.log.debug("app");
 
-	const response = await shopify.authorize(request);
-	if (response instanceof Response) throw response;
+		await shopify.admin(request);
 
-	return {
-		apiKey: shopify.config.apiKey,
-		appDebug: shopify.config.appLogLevel === "debug",
-		appUrl: shopify.config.appUrl,
-	};
+		return {
+			apiKey: shopify.config.apiKey,
+			appDebug: shopify.config.appLogLevel === "debug",
+			appUrl: shopify.config.appUrl,
+		};
+	} catch (error: any /* eslint-disable-line @typescript-eslint/no-explicit-any */) {
+		if (error instanceof Response) return error;
+
+		return new Response(error.message, {
+			status: error.status,
+			statusText: "Unauthorized",
+		});
+	}
 }
 
 export default function App() {

app/routes/proxy.index.tsx

@@ -1,8 +1,14 @@
 import { useTranslation } from "react-i18next";
 
 import type { Route } from "./+types/proxy.index";
+import { createShopify } from "~/shopify.server";
+
+export async function loader({ context, request }: Route.LoaderArgs) {
+	const shopify = createShopify(context);
+	shopify.utils.log.debug("proxy.index");
+
+	await shopify.proxy(request);
 
-export async function loader(_: Route.LoaderArgs) {
 	const data = {};
 	return { data };
 }

app/routes/proxy.tsx

@@ -1,58 +1,23 @@
-import type { Crypto } from "@cloudflare/workers-types/experimental";
 import { Outlet } from "react-router";
 
 import type { Route } from "./+types/proxy";
 import { createShopify } from "~/shopify.server";
 
 export async function loader({ context, request }: Route.LoaderArgs) {
-	const shopify = createShopify(context);
-
-	const url = new URL(request.url);
-
-	const param = url.searchParams.get("signature");
-	if (param === null) {
-		return new Response("Proxy param is missing", { status: 400 });
-	}
-
-	url.searchParams.delete("signature");
-	url.searchParams.sort();
-	const params = url.searchParams.toString();
-
-	const encoder = new TextEncoder();
-	const encodedKey = encoder.encode(shopify.config.apiSecretKey);
-	const encodedData = encoder.encode(params);
-	const hmacKey = await crypto.subtle.importKey(
-		"raw",
-		encodedKey,
-		{
-			name: "HMAC",
-			hash: "SHA-256",
-		},
-		true,
-		["sign", "verify"],
-	);
-	const signature = await crypto.subtle.sign("HMAC", hmacKey, encodedData);
-	const hmac = btoa(String.fromCharCode(...new Uint8Array(signature))); // base64
-
-	const encodedBody = encoder.encode(hmac);
-	const encodedParam = encoder.encode(param);
-	if (encodedBody.byteLength !== encodedParam.byteLength) {
-		return new Response("Encoded byte length mismatch", { status: 401 });
-	}
-
-	const valid = (crypto as Crypto).subtle.timingSafeEqual(
-		encodedBody,
-		encodedParam,
-	);
-	if (!valid) {
-		return new Response("Invalid hmac", { status: 401 });
+	try {
+		const shopify = createShopify(context);
+		shopify.utils.log.debug("proxy");
+
+		const proxy = await shopify.proxy(request);
+		shopify.utils.log.debug("proxy", { ...proxy });
+
+		return new Response(null, { status: 204 });
+	} catch (error: any /* eslint-disable-line @typescript-eslint/no-explicit-any */) {
+		return new Response(error.message, {
+			status: error.status,
+			statusText: "Unauthorized",
+		});
 	}
-
-	shopify.utils.log.debug("proxy", {
-		params: Object.fromEntries(url.searchParams),
-	});
-
-	return new Response(null, { status: 204 });
 }
 
 export default function Proxy() {

app/routes/shopify.webhooks.tsx

@@ -1,101 +1,42 @@
-import type { Crypto } from "@cloudflare/workers-types/experimental";
-
 import type { Route } from "./+types/shopify.webhooks";
 import { createShopify } from "~/shopify.server";
 
 export async function action({ context, request }: Route.ActionArgs) {
-	const shopify = createShopify(context);
-
-	// validate.body
-	const body = await request.text();
-	if (body.length === 0) {
-		return new Response("Webhook body is missing", { status: 400 });
-	}
+	try {
+		const shopify = createShopify(context);
+		shopify.utils.log.debug("shopify.webhooks");
 
-	// validate.hmac
-	const header = request.headers.get("X-Shopify-Hmac-Sha256");
-	if (header === null) {
-		return new Response("Webhook header is missing", { status: 400 });
-	}
+		const webhook = await shopify.webhook(request);
+		shopify.utils.log.debug("shopify.webhooks", { ...webhook });
 
-	const encoder = new TextEncoder();
-	const encodedKey = encoder.encode(shopify.config.apiSecretKey);
-	const encodedData = encoder.encode(body);
-	const hmacKey = await crypto.subtle.importKey(
-		"raw",
-		encodedKey,
-		{
-			name: "HMAC",
-			hash: "SHA-256",
-		},
-		true,
-		["sign", "verify"],
-	);
-	const signature = await crypto.subtle.sign("HMAC", hmacKey, encodedData);
-	const hmac = btoa(String.fromCharCode(...new Uint8Array(signature))); // base64
+		const session = await shopify.session.get(webhook.domain);
 
-	const encodedBody = encoder.encode(hmac);
-	const encodedHeader = encoder.encode(header);
-	if (encodedBody.byteLength !== encodedHeader.byteLength) {
-		return new Response("Encoded byte length mismatch", { status: 401 });
-	}
-
-	const valid = (crypto as Crypto).subtle.timingSafeEqual(
-		encodedBody,
-		encodedHeader,
-	);
-	if (!valid) {
-		return new Response("Invalid hmac", { status: 401 });
-	}
+		switch (webhook.topic) {
+			// app
+			case "APP_UNINSTALLED": {
+				if (!session) {
+					break;
+				}
+				await shopify.session.delete(session.id);
 
-	// validate.headers
-	const requiredHeaders = {
-		apiVersion: "X-Shopify-API-Version",
-		domain: "X-Shopify-Shop-Domain",
-		hmac: "X-Shopify-Hmac-Sha256",
-		topic: "X-Shopify-Topic",
-		webhookId: "X-Shopify-Webhook-Id",
-	};
-	if (
-		!Object.values(requiredHeaders).every((header) =>
-			request.headers.has(header),
-		)
-	) {
-		return new Response("Webhook headers are missing", { status: 400 });
-	}
-	const optionalHeaders = { subTopic: "X-Shopify-Sub-Topic" };
-	const headers = { ...requiredHeaders, ...optionalHeaders };
-	const webhook = Object.values(headers).reduce(
-		(headers, header) => ({
-			...headers,
-			[header]: request.headers.get(header),
-		}),
-		{} as typeof headers,
-	);
-	shopify.utils.log.debug("shopify.webhooks", { ...webhook });
-
-	const session = await shopify.session.get(webhook.domain);
-
-	switch (webhook.topic) {
-		// app
-		case "APP_UNINSTALLED": {
-			if (!session) {
 				break;
 			}
-			await shopify.session.delete(session.id);
-
-			break;
+			case "APP_PURCHASES_ONE_TIME_UPDATE":
+			case "APP_SUBSCRIPTIONS_APPROACHING_CAPPED_AMOUNT":
+			case "APP_SUBSCRIPTIONS_UPDATE":
+
+			// compliance
+			case "CUSTOMERS_DATA_REQUEST": // eslint-disable-line no-fallthrough
+			case "CUSTOMERS_REDACT":
+			case "SHOP_REDACT":
+				break;
 		}
-		case "APP_PURCHASES_ONE_TIME_UPDATE":
-		case "APP_SUBSCRIPTIONS_APPROACHING_CAPPED_AMOUNT":
-		case "APP_SUBSCRIPTIONS_UPDATE":
 
-		// compliance
-		case "CUSTOMERS_DATA_REQUEST": // eslint-disable-line no-fallthrough
-		case "CUSTOMERS_REDACT":
-		case "SHOP_REDACT":
-			break;
+		return new Response(undefined, { status: 204 });
+	} catch (error: any /* eslint-disable-line @typescript-eslint/no-explicit-any */) {
+		return new Response(error.message, {
+			status: error.status,
+			statusText: "Unauthorized",
+		});
 	}
-
-	return new Response(undefined, { status: 204 });
 }

app/shopify.server.test.ts

@@ -8,5 +8,5 @@ const context = { cloudflare: { env } } as unknown as AppLoadContext;
 
 test("createShopify", () => {
 	const shopify = createShopify(context);
-	expect(shopify.authorize).toBeDefined();
+	expect(shopify.admin).toBeDefined();
 });